CVE-2017-12165

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

References

Affected packages

Git / github.com/undertow-io/undertow

Affected ranges

Type: GIT
Repo: https://github.com/undertow-io/undertow
Events: Introduced

30392f538d254ed54834854e3f7face2bf945dcb

Fixed

ca20c31781dd721837775b92ad5783d742546e17

Affected versions

1.*

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.CR1

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Beta1

1.3.0.Beta10

1.3.0.Beta11

1.3.0.Beta12

1.3.0.Beta13

1.3.0.Beta2

1.3.0.Beta3

1.3.0.Beta4

1.3.0.Beta5

1.3.0.Beta6

1.3.0.Beta7

1.3.0.Beta8

1.3.0.Beta9

1.3.0.CR1

1.3.0.CR2

1.3.0.CR3

1.3.0.Final

1.3.1.Final

1.3.10.Final

1.3.11.Final

1.3.12.Final

1.3.13.Final

1.3.14.Final

1.3.15.Final

1.3.16.Final

1.3.17.Final

1.3.18.Final

1.3.19.Final

1.3.2.Final

1.3.20.Final

1.3.21.Final

1.3.22.Final

1.3.23.Final

1.3.24.Final

1.3.25.Final

1.3.26.Final

1.3.27.Final

1.3.28.Final

1.3.3.Final

1.3.30.Final

1.3.5.Final

1.3.6.Final

1.3.7.Final

1.3.8.Final

1.3.9.Final

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12165.json"